From 3b799411689b4bfc6a5658abe1c7fb1292b51b9f Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky
Date: Mon, 20 Jun 2005 15:59:13 +0000
Subject: [PATCH] Fixed bug #31054 (safe_mode & open_basedir checks only check first include_path value).
---
NEWS | 2 ++
main/streams/plain_wrapper.c | 16 ++++++++--------
2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/NEWS b/NEWS
index a8ee9b013d..446ac3958d 100644
--- a/NEWS
+++ b/NEWS
@@ -34,6 +34,8 @@ PHP NEWS
 PHP). (Marcus)
 - Fixed bug #31256 (PHP_EVAL_LIBLINE configure macro does not handle -pthread). (Jani)
+- Fixed bug #31054 (safe_mode & open_basedir checks only check first
+ include_path value). (Ilia)
 - Fixed bug #29683 (headers_list() returns empty array). (Tony)
 - Fixed bug #28355 (glob wont error if dir is not readable). (Hartmut)
 - Fixed bugs #20382, #28024, #30532, #32086, #32270, #32555, #32588, #33056
diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c
index 8ef2ae080e..7bc149fa56 100644
--- a/main/streams/plain_wrapper.c
+++ b/main/streams/plain_wrapper.c
@@ -1297,24 +1297,24 @@ not_relative_path:
 end++;
 }
 snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename);
-
- if (((options & STREAM_DISABLE_OPEN_BASEDIR) == 0) && php_check_open_basedir(trypath TSRMLS_CC)) {
- stream = NULL;
- goto stream_done;
+
+ if (((options & STREAM_DISABLE_OPEN_BASEDIR) == 0) && php_check_open_basedir_ex(trypath, 0 TSRMLS_CC)) {
+ ptr = end;
+ continue;
 }
 if (PG(safe_mode)) {
 if (VCWD_STAT(trypath, &sb) == 0) {
 /* file exists ... check permission */
 if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) ||
- php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)) {
+ php_checkuid_ex(trypath, mode, CHECKUID_CHECK_MODE_PARAM, CHECKUID_NO_ERRORS)) {
 /* UID ok, or trypath is in safe_mode_include_dir */
 stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
- } else {
- stream = NULL;
+ goto stream_done;
 }
- goto stream_done;
 }
+ ptr = end;
+ continue;
 }
 stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
 if (stream) {
-- 
2.40.0
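Review bot: Both rejection paths in this loop now skip to the next include_path entry without leaving any trace: the `0` passed to `php_check_open_basedir_ex()` and the `CHECKUID_NO_ERRORS` flag appear to suppress the warnings the old calls raised, so a request refused on every entry would surface only as a generic open failure unless code after the loop, which is outside this hunk, reports it. I would document that at each `ptr = end; continue;`, for example `/* rejected by open_basedir: stay silent and try the next include_path entry */`, and confirm that a final denial is still logged somewhere an operator can see it. Separately, the safe_mode branch runs `goto stream_done;` straight after `php_stream_fopen_rel()` even when it returned NULL, while the non-safe_mode path at the end of the hunk tests `if (stream)`; if the intent is to keep searching, `if (stream) { goto stream_done; }` would make the two paths agree. The enclosing loop starts and ends outside the hunk.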